System and method for blocking devices from a carrier network

ABSTRACT

There is disclosed a system and method for blocking a device from a carrier network. In an embodiment, the method comprises defining an unauthorized combination filter including one or more device parameters; attaching the unauthorized combination filter to a carrier; comparing the device parameter values in the unauthorized combination filter to device parameter values stored in the device; and if the device parameter values stored in the device match the device parameter values in the unauthorized combination filter, then blocking the device from accessing the carrier network. The device parameter values stored in the device may include one or more of a device type value, a device operating system version value, and a device application version value, and the method further comprises comparing these one or more values to corresponding device parameter values defined in the unauthorized combination filter. The unauthorized combination filter may be attached to a carrier by providing a carrier identifier.

FIELD OF THE INVENTION

The present invention relates generally to a system and method forblocking a device from a carrier network.

BACKGROUND

Suppliers of communication services may provide various types ofservices that may be offered to mobile handheld device subscribers onvarious carriers. Such services may include, for example, electronicmail (email), voice communications, instant text messaging, Internetbrowsing, music downloading, and various services that may becomeavailable with the introduction of a new communication device. With theaddition of new types of services and features, it may be necessary toupgrade network software versions, which may make certain devicesincompatible with certain carrier networks. A solution is required toeffectively manage access to a carrier network for these devices.

BRIEF DESCRIPTION OF THE DRAWINGS

In the figures which illustrate exemplary embodiments:

FIG. 1 is an illustration of a mobile handheld device in accordance withan embodiment;

FIG. 2 is a schematic diagram of a communication subsystem component inthe device of FIG. 1;

FIG. 3 is a schematic diagram of illustrative wireless networks;

FIG. 4A and FIG. 4B show illustrative device parameter values stored infirst and second devices;

FIG. 5 shows a schematic diagram of a user interface for setting deviceparameter values for an unauthorized combination filter;

FIG. 6 shows an illustrative example of a device being blocked from acarrier network; a and

FIG. 7 is an illustrative flowchart of a method in accordance with anembodiment.

DETAILED DESCRIPTION

As noted above, the present invention relates to a system and method forblocking a device from a carrier network.

Shown in FIG. 1 is a schematic block diagram of an illustrative mobilehandheld device 100. The handheld device 100 may comprise a number ofcomponents, including a main processor 102 which controls the overalloperation of device 100. Various communication functions, including dataand voice communications, Internet browsing, instant text messaging,etc. may be performed through a communication subsystem 104 via wirelessnetwork 200.

The main processor 102 may also interact with additional subsystems suchas a random access memory (RAM) 106, a flash memory 108, a display 110,an auxiliary input/output (I/O) subsystem 112, a data port 114, akeyboard 116, a speaker 118, a microphone 120, short-rangecommunications 122 and other device subsystems 124. The device 100 maybe a battery-powered device and may include a battery interface 132 forreceiving one or more rechargeable batteries 130 and for powering thevarious subsystems described above.

Operating system software used by the main processor 102 is typicallystored in a persistent store such as flash memory 108. Those skilled inthe art will appreciate that the operating system, specific deviceapplications, or parts thereof, may be temporarily loaded into avolatile store such as the RAM 106.

Handheld device 100 may also include a read-only memory (ROM) 107 thatmay store a non-alterable electronic serial number or ESN which may beburned into ROM 107 at the time of manufacture of device 100. Inaddition, handheld device 100 may have a unique product identificationnumber (PIN) stored in the ROM 107, or in another memory store in device100.

The main processor 102, in addition to its operating system functions,enables execution of software applications 134 on the device 100. Thesoftware applications 134 may control various device features andservices, and may be installed on the device 100 during its manufacture,or may be subsequently loaded onto the device 100 as a software updatethrough one of the wireless network 200, the auxiliary I/O subsystem112, the data port 114, the short-range communications subsystem 122, oranother subsystem 124.

The software applications 134 may include, for example, variouscommunication service modules 136 (e.g. email, instant text messaging,Internet browsing, music downloading, etc.), and a password approvalmodule 138. The software applications 134 may also include a deviceservice management module 137 for managing the service applicationsprovisioned for device 100 on a carrier network. The handheld device 100may also include a carrier network access module 139 that may besuitably adapted to manage access to a carrier network for the handhelddevice 100. Carrier network access module 139 will be described in moredetail below. The handheld device 100 may further include a device statemodule 140, an address book 142, a personal information manager (PIM)144, and various other modules 146.

Referring now to FIG. 2, a block diagram of the communication subsystemcomponent 104 of FIG. 1 is shown. The communication subsystem 104 maycomprise a receiver 210 and a transmitter 212, as well as associatedcomponents such as one or more embedded or internal antenna elements214, 216, Local Oscillators (LOs) 218, and a processing module such as aDigital Signal Processor (DSP) 220.

Signals received by the antenna 214 through the wireless network 200 areinput to the receiver 210, which can perform such common receiverfunctions as signal amplification, frequency down conversion, filtering,channel selection, and analog-to-digital (A/D) conversion. A/Dconversion of a received signal allows more complex communicationfunctions such as demodulation and decoding to be performed in the DSP220. In a similar manner, signals to be transmitted are processed,including modulation and encoding, by the DSP 220. These DSP-processedsignals are input to the transmitter 212 for digital-to-analog (D/A)conversion, frequency up conversion, filtering, amplification andtransmission over the wireless network 200 via the antenna 216.

Now referring to FIG. 3, shown is an illustrative schematic blockdiagram of wireless networks 200A, 200B of mobile carrier A 310 andmobile carrier B 320, respectively. With the various components andsubsystems described above, device 100 may be configured to accessvarious services available through wireless networks 200A and 200B. Asshown, each of the wireless networks 200A, 200B may have subsystems 314,324 for registering and provisioning various wireless services fordevices 100 on their respective wireless networks 310, 320. The supplier330 may offer various communication services via network connections tothe supplier 330's own network 332. The communication services mayinclude, for example, wireless email, voice communication, instant textmessaging, Internet browsing, music downloading, and various otherservices to subscribers on wireless networks 200A, 200B.

The supplier 330's network 332 may connect to a provisioning system 334maintained by the supplier 330 and which may be appropriately configuredto interact with subsystems 314, 324 provided on each of the wirelessnetworks 200A, 200B. If connected through the Internet, for example, theconnections between provisioning system 334 and subsystems 314, 324 maybe by way of XML, or a web services interface. With a suitable networkconnection, subsystems 314 and 324 may be configured to interact withthe supplier 330's provisioning system 334 to request activation,deactivation, suspension or modification of a subscriber's services ontheir respective wireless networks 200A, 200B.

Provisioning system 334 may maintain a database 336 of services thathave been provisioned for each of the devices 100 on the wirelessnetworks 200A, 200B of mobile carrier A 310, and mobile carrier B 320.In the database 336 of provisioning system 334, each of the devices 100may be uniquely identified, for example, by the unique ESN burned intothe ROM 107 of each device 100. Alternatively, each device 100 may beuniquely identified by the unique PIN identifier stored in ROM 107, orin another memory store in device 100. Records in database 336 maycontain the unique ESN or PIN retrieved from ROM 107 or another memorystore on each device 100. Each device 100 may thus be uniquelyrecognized by the supplier's provisioning system 334. Records indatabase 336 may also store information for the owning mobile carrier(e.g. mobile carrier A 310, or mobile carrier B 320), and thisinformation may be linked to the unique ESN or PIN of device 100.

In an embodiment, each device 100 may include a carrier network accessmodule 139 (FIG. 1) which is adapted to store various device propertiesor parameters, such as device type, device operating system (“OS”)version, and a device application version. Furthermore, the carriernetwork access module 139 may store a value indicating the carrier towhich the device 100 is linked or assigned. As will be explained in moredetail further below, these various device parameters or properties maybe used individually or in combination to block a device 100 or aplurality of devices 100 from accessing a particular carrier network.

Now referring to FIG. 4A, in an illustrative example, a first mobilehandheld device 100A may have a carrier network access module 139Astoring values for each device parameter, such as device type value 402Aof “6800”, a device OS version value 404A of “4.0.1”, a deviceapplication value 406A of “3.1.1”, and a carrier identifier 408A of“Carrier A”. As shown, carrier network access module 139A may also haveaccess to the device ESN value 410A retrieved from ROM 107 of device100A.

Now referring to FIG. 4B, in another illustrative example, a secondmobile handheld device 100B may have a carrier network access module139B storing values for each device parameter, such as a device typevalue 402B of “6700”, a device OS version value 404B of “3.0.1”, adevice application version of “2.1.1”, and a carrier identifier 408B of“Carrier A”. As shown, carrier network access module 139B may also haveaccess to the device ESN value 410B retrieved from ROM 107 of device100B.

Now referring to FIG. 5, in an illustrative example, shown is a userinterface that may be accessed by an administrator for defining anunauthorized combination filter 500 of device parameters that may beused to block a device or a plurality of devices from accessing carriernetwork 200A. The term “unauthorized combination” is used in the presentdisclosure to define device parameters for a group of devices to beblocked from a particular carrier network. More particularly, the deviceparameters may be a combination of a number of device parameters,including one or more of such device parameters as described above.

As illustrated in FIG. 5, each unauthorized combination filter 500 mayinclude an unauthorized device type field 502, an unauthorized device OSversion field 504, and an unauthorized device application version field506. The regular expression fields in the unauthorized combination 500are used to determine the group or class of devices to be blocked from acarrier as defined in carrier identifier 508.

Furthermore, each unauthorized combination filter 500 may include a namefield 510 which contains a unique name for the unauthorized combinationfilter 500 (e.g. such as “6XXX Blocking Filter—Carrier A”), and whichmay be used to uniquely identify the unauthorized combination filter500.

Optionally, a description field 512 may also be included to provide amore detailed description for the unauthorized combination filter 500,such as “Unauthorized combination for new network update on carrier A”in the current illustrative example. The unauthorized combination filter500 thus defines a group or class of devices to be blocked, and may beattached to a carrier via carrier identifier 508. By mapping theunauthorized combination filter 500 to a carrier's unique identifier508, the blocking mechanism may take affect.

While the above embodiments describe an example where the unauthorizedcombination filter 500 is attached to one carrier (e.g. carrier A), itwill be appreciated that the unauthorized combination filter 500 may beattached to more than one carrier. As well, a carrier may have more thanone unauthorized combination filter blocking more than one group orclass of devices based on different filtering criteria.

Now referring to FIG. 6, shown is a block diagram 600 of an illustrativeexample of how a defined unauthorized combination filter 500 may beattached to a carrier to block a group or class of devices fromaccessing a carrier network. For example, the unauthorized combinationfilter 500 may be defined and attached to mobile carrier A subsystem 314such that the device parameters for any device attempting to register onmobile carrier A's network is tested against the device parameter valuesin the unauthorized combination filter 500.

As shown, a first mobile handheld device 610A and a second mobilehandheld device 610B may be provisioned to access the carrier network ofmobile carrier A shown at 310. As the first and second mobile handhelddevices 610A and 610B each attempt to register through mobile carrierA's carrier network, the device parameter values in the carrier networkaccess module 139 of each device is compared against the deviceparameter values in the unauthorized combination filter 500 that isattached to a mobile carrier A's subsystem 314.

For example, each of the device type values 402A and 402B may becompared against a number of unauthorized device types as defined in theunauthorized device type field 502, and each of the device OS versionvalues 404A and 404B may be compared against a minimum OS version asdefined in the unauthorized device OS version field 504.

In an embodiment, at mobile carrier A's registration and provisioningsubsystem 314, if the device's device type, device OS version and deviceapplication version match the corresponding unauthorized device type,unauthorized device OS version, and unauthorized device applicationversion fields as defined in the unauthorized combination filter 500,the device will be blocked. Thus, as shown, the first mobile handhelddevice 610A is successfully registered and is able to access the carriernetwork 200A for mobile carrier A as there is no complete match. On theother hand, when the second mobile handheld device 610B attempts toregister on the carrier network 200A, it is unable to access the carriernetwork 200A as it is blocked by the defined unauthorized combinationfilter 500 attached to mobile carrier A's subsystem 314 (i.e. there is amatch of the device parameters).

In another embodiment, instead of populating all of the fields ofunauthorized combination filter 500, only some of the fields may bepopulated so that the unauthorized combination filter 500 is lessspecific (and thus is able to block a larger group or class of devices).As will be appreciated, by defining one or more of the unauthorizeddevice parameters, and by attaching the defined unauthorized combinationfilter 500 to a carrier subsystem (e.g. mobile carrier A's subsystem314), a group or class of devices may be blocked from accessing thecarrier network, thereby allowing effective network management.

In an embodiment, when a device is unable to access the carrier network200A, the device ESN (e.g. as may be provided in the carrier networkaccess module 139) may be recorded for device management purposes. Thus,for example, if mobile handheld device 610B is temporarily being blockedfrom mobile carrier A's carrier network 200A due to an incompatibilitywith upgraded software on the network, the device user may be notifiedof the problem and instructed to seek a remedy, such as upgrading thedevice OS version and/or the device application version, by attachingthe device to a computer attached to the Internet. Thus, the device OSversion and the device application version may be updated as needed forsupport by a carrier network. Alternatively, the software on the networkmay be further updated to improve compatibility with more devices andversions.

Once the reason for blocking a group or class of devices hasdisappeared, the unauthorized combination filter may be detached fromthe carrier's registration and provisioning subsystem, such thatsubsequent attempts to register on the carrier network will besuccessful.

Now referring to FIG. 7, shown is an illustrative method 700 forblocking a device from a carrier network corresponding to the system asdescribed above. Method 700 starts at block 702, where method 700defines an unauthorized combination filter. As described earlier, theunauthorized combination filter may include values for one or moredevice parameters as defined by an administrator, including a devicetype, device OS version, a device application version, a carrieridentifier, and a unique name for the unauthorized combination filter.Optionally, the unauthorized combination filter may further include adescription field for entering a fuller description of the unauthorizedcombination filter.

Method 700 then proceeds to block 704, where method 700 attaches theunauthorized combination filter to a carrier. By attaching theunauthorized combination filter to a carrier, the blocking function ofthe unauthorized combination is activated.

Next, method 700 proceeds to block 706, where method 700 compares thedevice parameter values in the unauthorized combination filter to thedevice parameter values as stored in a carrier network access module ineach device.

Method 700 then proceeds to decision block 708, where method 700determines if the device parameter values match. If yes, method 700proceeds to block 710 where method 700 optionally sends an error messageto the device to explain why the device is being blocked. Method 700 maythen proceed to block 712 to block access to the carrier network andprevent the device from registering. Method 700 then ends.

If at decision block 708 the answer is no, then method 700 proceeds toblock 714 where method 700 permits access to the carrier network andallows the device to function normally. Method 700 then ends.

Thus, in an aspect, there is provided a method of blocking a mobilehandheld device from a carrier network, comprising: defining anunauthorized combination filter including one or more device parameters;attaching the unauthorized combination filter to a carrier registrationsubsystem; comparing the device parameter values in the unauthorizedcombination filter to device parameter values stored in the device; andif the device parameter values stored in the device match the deviceparameter values in the unauthorized combination filter, then blockingthe device from accessing the carrier network.

In an embodiment, the device parameter values stored in the deviceinclude one or more of a device type value, a device operating systemversion value, and a device application version value, and the methodfurther comprises comparing these one or more values to correspondingdevice parameter values in the unauthorized combination filter.

In another embodiment, the device is blocked from accessing the carriernetwork if a combination of a device type value, a device operatingsystem version value, and a device application version value is matched.

In another embodiment, the method further comprises sending an errormessage to the device upon blocking to explain the reason for the block.

In another embodiment, the method further comprises retrieving andstoring the ESN or PIN for each blocked device.

In another embodiment, attaching the unauthorized combination filter toa carrier comprises providing a carrier identifier and attaching theunauthorized combination filter to a carrier's registration subsystem.

In another embodiment, the method further comprises detaching theunauthorized combination filter from the carrier registration subsystem;and permitting any previously blocked devices to access the carriernetwork.

In another aspect, there is provided a system for blocking a mobilehandheld device from a carrier network, comprising: processing meansadapted to define an unauthorized combination filter including one ormore device parameters; processing means adapted to attach theunauthorized combination filter to a carrier registration subsystem;processing means adapted to compare the device parameter values in theunauthorized combination filter to device parameter values stored in thedevice; and processing means adapted to compare the device parametervalues in the device with one or more device parameter values in theunauthorized combination filter, and to block the device from accessingthe carrier network if the device parameter values match.

In an embodiment, the device parameter values stored in the deviceinclude one or more of a device type value, a device operating systemversion value, and a device application version value, and the systemfurther comprises processing means adapted to compare these one or morevalues to corresponding device parameter values in the unauthorizedcombination filter.

In an embodiment, the device is blocked from accessing the carriernetwork if a combination of a device type value, a device operatingsystem version value, and a device application version value is matched.

In an embodiment, the system further comprises processing means adaptedto send an error message to the device upon blocking to explain thereason for the block.

In another embodiment, the system further comprises processing meansadapted to retrieve and storing the ESN or PIN for each blocked device.

In another embodiment, the processing means for attaching theunauthorized combination filter to a carrier comprises processing meansadapted to provide a carrier identifier and to attach the unauthorizedcombination filter to a carrier's registration subsystem.

In another embodiment, the system further comprises: processing meansadapted to detach the unauthorized combination filter from the carrierregistration subsystem; and processing means adapted to permit anypreviously blocked devices to access the carrier network.

In another aspect, there is provided a data processor readable mediumstoring data processor code that when loaded onto a carrier registrationsubsystem adapts the subsystem to block a mobile handheld device from acarrier network, the data processor readable medium comprising: code fordefining an unauthorized combination filter including one or more deviceparameters; code for attaching the unauthorized combination filter to acarrier registration subsystem; code for comparing the device parametervalues in the unauthorized combination filter to device parameter valuesstored in the device; and code for blocking the device from accessingthe carrier network if the device parameter values stored in the devicematch the device parameter values in the unauthorized combinationfilter.

In an embodiment, the device parameter values stored in the deviceinclude one or more of a device type value, a device operating systemversion value, and a device application version value, and the dataprocessor readable medium further comprises code for comparing these oneor more values to corresponding device parameter values in theunauthorized combination filter.

In another embodiment, the data processor readable medium furthercomprises code for blocking the device from accessing the carriernetwork if a combination of a device type value, a device operatingsystem version value, and a device application version value is matched.

In another embodiment, the data processor readable medium furthercomprises code for sending an error message to the device upon blockingto explain the reason for the block.

In another embodiment, the data processor readable medium furthercomprises code for retrieving and storing the ESN or PIN for eachblocked device.

In another embodiment, the data processor readable medium furthercomprises code for attaching the unauthorized combination filter to acarrier comprises code for providing a carrier identifier and code forattaching the unauthorized combination filter to a carrier'sregistration subsystem.

While illustrative embodiments have been described above, it will beappreciated that various changes and modifications may be made. Moregenerally, the scope of the invention is defined by the followingclaims.

1. A method of blocking a mobile handheld device from a carrier network,comprising: defining an unauthorized combination filter including one ormore device parameters; attaching the unauthorized combination filter toa carrier registration subsystem; comparing the device parameter valuesin the unauthorized combination filter to device parameter values storedin the device; and if the device parameter values stored in the devicematch the device parameter values in the unauthorized combinationfilter, then blocking the device from accessing the carrier network. 2.The method of claim 1, wherein the device parameter values stored in thedevice include one or more of a device type value, a device operatingsystem version value, and a device application version value, and themethod further comprises comparing these one or more values tocorresponding device parameter values in the unauthorized combinationfilter.
 3. The method of claim 2, wherein the device is blocked fromaccessing the carrier network if a combination of a device type value, adevice operating system version value, and a device application versionvalue is matched.
 4. The method of claim 2, further comprising sendingan error message to the device upon blocking to explain the reason forthe block.
 5. The method of claim 4, further comprising retrieving andstoring the ESN or PIN for each blocked device.
 6. The method of claim1, wherein attaching the unauthorized combination filter to a carriercomprises providing a carrier identifier and attaching the unauthorizedcombination filter to a carrier's registration subsystem.
 7. The methodof claim 1, further comprising: detaching the unauthorized combinationfilter from the carrier registration subsystem; and permitting anypreviously blocked devices to access the carrier network.
 8. A systemfor blocking a mobile handheld device from a carrier network,comprising: processing means adapted to define an unauthorizedcombination filter including one or more device parameters; processingmeans adapted to attach the unauthorized combination filter to a carrierregistration subsystem; processing means adapted to compare the deviceparameter values in the unauthorized combination filter to deviceparameter values stored in the device; and processing means adapted tocompare the device parameter values in the device with one or moredevice parameter values in the unauthorized combination filter, and toblock the device from accessing the carrier network if the deviceparameter values match.
 9. The system of claim 8, wherein the deviceparameter values stored in the device include one or more of a devicetype value, a device operating system version value, and a deviceapplication version value, and the system further comprises processingmeans adapted to compare these one or more values to correspondingdevice parameter values in the unauthorized combination filter.
 10. Thesystem of claim 9, wherein the device is blocked from accessing thecarrier network if a combination of a device type value, a deviceoperating system version value, and a device application version valueis matched.
 11. The system of claim 9, further comprising processingmeans adapted to send an error message to the device upon blocking toexplain the reason for the block.
 12. The system of claim 11, furthercomprising processing means adapted to retrieve and storing the ESN orPIN for each blocked device.
 13. The system of claim 8, wherein theprocessing means for attaching the unauthorized combination filter to acarrier comprises processing means adapted to provide a carrieridentifier and to attach the unauthorized combination filter to acarrier's registration subsystem.
 14. The system of claim 8, furthercomprising: processing means adapted to detach the unauthorizedcombination filter from the carrier registration subsystem; andprocessing means adapted to permit any previously blocked devices toaccess the carrier network.
 15. A data processor readable medium storingdata processor code that when loaded onto a carrier registrationsubsystem adapts the subsystem to block a mobile handheld device from acarrier network, the data processor readable medium comprising: code fordefining an unauthorized combination filter including one or more deviceparameters; code for attaching the unauthorized combination filter to acarrier registration subsystem; code for comparing the device parametervalues in the unauthorized combination filter to device parameter valuesstored in the device; and code for blocking the device from accessingthe carrier network if the device parameter values stored in the devicematch the device parameter values in the unauthorized combinationfilter.
 16. The data processor readable medium of claim 15, wherein thedevice parameter values stored in the device include one or more of adevice type value, a device operating system version value, and a deviceapplication version value, and the data processor readable mediumfurther comprises code for comparing these one or more values tocorresponding device parameter values in the unauthorized combinationfilter.
 17. The data processor readable medium of claim 16, wherein thedata processor readable medium further comprises code for blocking thedevice from accessing the carrier network if a combination of a devicetype value, a device operating system version value, and a deviceapplication version value is matched.
 18. The data processor readablemedium of claim 16, further comprising code for sending an error messageto the device upon blocking to explain the reason for the block.
 19. Thedata processor readable medium of claim 18, further comprising code forretrieving and storing the ESN or PIN for each blocked device.
 20. Thedata processor readable medium of claim 15, wherein the code forattaching the unauthorized combination filter to a carrier comprisescode for providing a carrier identifier and code for attaching theunauthorized combination filter to a carrier's registration subsystem.